Firewall best practices to block ransomware - Sophos

10 May 2019

Article by Sophos global solutions engineer Aaron Bugal

Today, getting ‘pwned’ is the rule, rather than the exception.

Organisations that have managed to avoid breaches or cyber-attacks are few and far between, with no industry or individual immune.

According to the latest Notifiable Data Breaches Quarterly Statistics Report, more than 290 breaches have been reported by Australian organisations, and 64% of breaches were a result of malicious or criminal attacks.

Cyber-attacks, while not inevitable, are highly probable – with Sophos research revealing that more than two-thirds (69%) of Australian organisations were hit by a cyber-attack in the last year.

The reason – companies can’t see what’s happening on their endpoint devices, leaving them struggling to prevent attacks or even to understand how and when they happened.

At the same time, the threat landscape is constantly evolving, and attackers are getting smarter, meaning organisations are spending longer securing their networks and their data. On average, organisations spend four days a month investigating potential security issues, and roughly 10 hours to detect significant threats.

With the most common threats continuing to include ransomware, time literally means money.

It’s therefore critical that organisations take a proactive approach to cybersecurity – from deploying the right tools and skills, to having support from management to invest and train staff.

When looking specifically at ransomware, a good place to start is an anti-ransomware tool, while also making use of best practices in general to stay safe.

Here are six firewall best practices to block ransomware in an organisation.

  1. Ensure the right protection is in place. From a high-performance next-gen firewall IPS engine to sandboxing, encryption and backup, organisations need to put the right tools in place to take a proactive approach to cybersecurity.

  2. Reduce the surface area of attacks. Review all port-forwarding rules to eliminate any non-essential open ports. Every open port represents a potential opening in the network. Where possible, use a VPN to access resources on the internal network from outside rather than port-forwarding. In addition, make sure open ports are secured by applying suitable IPS protection to the rules governing that traffic.

  3. Apply sandboxing to web and email traffic to ensure all suspicious active files coming in through web downloads and as email attachments are suitably analysed for malicious behaviour before they get onto the network. As part of this, disable macros in document attachments received via email, which will stop a large number of infections in their tracks.

  4. Minimise the risk of lateral movement within the network by segmenting LANs into smaller, isolated zones or VLANs that are secured and connected together by the firewall. Be sure to apply suitable IPS policies to rules governing the traffic traversing these LAN segments to prevent exploits, worms, and bots from spreading between them. In addition, don’t grant users more login privileges than they need; this reduces risk immediately.

  5. Automatically isolate infected systems. When an organisation encounters a cyber-attack, it’s important that its IT security solution is able to quickly identify compromised systems and automatically isolate them until they can be cleaned up (either automatically or through manual intervention).

  6. Stay up-to-date. Malware that doesn’t come in via a document often relies on security bugs in popular applications, including Microsoft Office, internet browsers, Flash, and more. If an organisation stays up-to-date on patching, it’ll be far less vulnerable to potential exploits.
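Practices 2 and 4 above amount to a rule-set review: every inbound port-forward should be justified and carry an IPS policy, and every rule that lets traffic cross between LAN segments should carry one too. The script below is an added example, not Sophos code or any vendor's export format; it audits a constructed, simplified rule list (the `Rule` fields, zone names and the `ESSENTIAL_FORWARDS` allowlist are assumptions) and reports the rules a reviewer would want to fix.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Simplified firewall rule record (constructed for this example; real products
# export richer objects, but these are the fields the review cares about).
@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str            # e.g. "WAN", "LAN", "FINANCE", "HR"
    dst_zone: str
    dst_port: int
    ips_profile: Optional[str]   # name of the attached IPS policy, or None

# Services the organisation has decided it must publish to the internet
# (assumption for the example: only HTTPS to the DMZ web tier).
ESSENTIAL_FORWARDS = {("DMZ", 443)}

def audit_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (rule name, finding) pairs for rules that violate practices 2 and 4."""
    findings = []
    for r in rules:
        if r.src_zone == "WAN":
            # Practice 2: inbound port-forwards must be essential and IPS-protected.
            if (r.dst_zone, r.dst_port) not in ESSENTIAL_FORWARDS:
                findings.append((r.name, "non-essential port-forward: remove it or put the service behind VPN"))
            if r.ips_profile is None:
                findings.append((r.name, "port-forward has no IPS policy"))
        elif r.src_zone != r.dst_zone and r.ips_profile is None:
            # Practice 4: traffic between LAN segments must pass through IPS.
            findings.append((r.name, f"{r.src_zone}->{r.dst_zone} segment traffic has no IPS policy"))
    return findings

# Constructed sample rule set.
SAMPLE_RULES = [
    Rule("web-https", "WAN", "DMZ", 443, "default-ips"),        # essential and protected
    Rule("legacy-rdp", "WAN", "LAN", 3389, None),               # both problems
    Rule("finance-to-hr-smb", "FINANCE", "HR", 445, None),      # cross-segment, no IPS
    Rule("hr-internal-smb", "HR", "HR", 445, None),             # same segment, out of scope
]

if __name__ == "__main__":
    for name, finding in audit_rules(SAMPLE_RULES):
        print(f"{name}: {finding}")
```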